The trend in development of business today is for offices of all modern companies, regardless of their size, to have a corporate computer network. One of the advantages of having a corporate network is the possibility of quickly exchanging various information between company employees by means of personal computers (PCs) which are part of the network.
However, a corporate network and its network infrastructure form a complex system and require professional setup and management. It is very important to monitor the PCs in the network, and especially the applications that are installed and run on the PCs in the corporate network, which allows maximum safeguarding of the corporate network against attacks and various losses of confidential information. For these purposes, a technology exists for monitoring applications, also known as “application control.”
There are various approaches to controlling the launching of a program (software or application) that are carried out by application control systems. As a rule, the control is carried out through the use of a list of application control rules, making it possible to monitor the launching or the accessing of executable files, applications, or entire file groups. One widespread and simple method of control uses control rules, drawn up in advance by the administrator of the corporate network, that allow the launching of any application that does not appear on a list of forbidden applications. Another approach is to formulate control rules so as to allow the launching of only permitted applications and to forbid the launching of all others (known as “default deny”). As a rule, modern application control systems support both of these approaches, depending on the tasks of the administrator.
The principal problems when introducing application control arise in the operation of “internal” corporate applications and in updates of applications. First, all “internal” corporate applications need to be “categorized” in clear form, i.e., placed in user categories by hand or by means of automatic categorization algorithms. Second, updates of installed applications cannot always be automatically given “permission” to be launched.
To solve such problems in the context of modern application control systems, the user category of applications is constructed on the basis of information from the indicated computers. When creating the user category, the administrator assigns a “standard”—one or more computers in the corporate network. When any executable file is launched on the “standard” computers, the system adds this file to the user category (for example, the MD5 of the file or other metadata of the file is added to the category of permitted applications). Similarly, in the functioning of the inventory task, all files found on “standard” computers are automatically entered in a specified user category. When creating this type of user category, one can process all files or only the uncategorized ones (a file not belonging to the user categories or any other categories). Thus, when a new version of internal corporate software appears, there is no need to add it manually to the user categories or place it in a special category. It will be sufficient to install it on a “standard” computer and the files will automatically end up on the list of permitted files.
The formation of a user category can also be based on a directory (e.g., folder). For example, the administrator creates a category “My files” and indicates a particular directory, and the system performs monitoring of changes in the indicated directory. When new files appear, they are automatically added to the user category.
Such an approach greatly simplifies the adoption of an application control in the “default deny” mode.
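The following Python sketch is an added example, not part of the original text or of any product's code: it models a user category that learns file digests only from launches on “standard” computers and then applies a “default deny” decision. The class, function and host names are hypothetical, the file contents are constructed, and SHA-256 is used here where the text mentions MD5.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digest(path):
    """Digest of the file contents (SHA-256 is this example's choice, not the text's MD5)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

class UserCategory:
    """Hypothetical model of a user category of permitted files."""
    def __init__(self, name, standard_hosts):
        self.name = name
        self.standard_hosts = set(standard_hosts)  # the administrator's "standard" computers
        self.digests = set()

    def on_launch(self, host, path, categorized=frozenset(), only_uncategorized=False):
        """Launch event: learn the file only if it ran on a "standard" computer."""
        if host not in self.standard_hosts:
            return False
        digest = file_digest(path)
        if only_uncategorized and digest in categorized:
            return False  # file already belongs to some other category
        self.digests.add(digest)
        return True

def allow_launch(path, categories):
    """Default deny: permit only files whose digest is in a permitted category."""
    digest = file_digest(path)
    return any(digest in c.digests for c in categories)

def demo():
    """Constructed scenario: an internal tool is updated from v1 to v2."""
    with tempfile.TemporaryDirectory() as tmp:
        v1, v2 = Path(tmp, "tool_v1.exe"), Path(tmp, "tool_v2.exe")
        v1.write_bytes(b"internal tool 1.0")  # constructed sample contents
        v2.write_bytes(b"internal tool 2.0")
        cat = UserCategory("Internal apps", standard_hosts={"REF-PC-01"})
        cat.on_launch("REF-PC-01", v1)
        results = [allow_launch(v1, [cat]), allow_launch(v2, [cat])]  # v2 not yet learned
        cat.on_launch("USER-PC-17", v2)   # launch on a non-standard host is ignored
        results.append(allow_launch(v2, [cat]))
        cat.on_launch("REF-PC-01", v2)    # update installed on the "standard" computer
        results.append(allow_launch(v2, [cat]))
        return results

if __name__ == "__main__":
    print(demo())
```

Because anything launched on a “standard” computer becomes permitted everywhere, the trust placed in those hosts is the control's weak point, which is why their selection matters.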
However, in view of the size of modern corporate networks, the complexity of their network infrastructure, and the need to comply with a large number of requirements established by companies, there is a need for automation and a smarter approach to the selection of “standard” computer resources by evaluating all computer resources existing in the network for their compliance with the established requirements.